GitHub/exynos8895/android_kernel_samsung_universal8895.git
13 years agoevm: replace hmac_status with evm_status
Dmitry Kasatkin [Fri, 6 May 2011 08:34:17 +0000 (11:34 +0300)]
evm: replace hmac_status with evm_status

We will use digital signatures in addtion to hmac.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
13 years agoevm: evm_verify_hmac must not return INTEGRITY_UNKNOWN
Dmitry Kasatkin [Fri, 6 May 2011 08:34:14 +0000 (11:34 +0300)]
evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN

If EVM is not supported or enabled, evm_verify_hmac() returns
INTEGRITY_UNKNOWN, which ima_appraise_measurement() ignores and sets
the appraisal status based solely on the security.ima verification.

evm_verify_hmac() also returns INTEGRITY_UNKNOWN for other failures, such
as temporary failures like -ENOMEM, resulting in possible attack vectors.
This patch changes the default return code for temporary/unexpected
failures, like -ENOMEM, from INTEGRITY_UNKNOWN to INTEGRITY_FAIL, making
evm_verify_hmac() fail safe.

As a result, failures need to be re-evaluated in order to catch both
temporary errors, such as the -ENOMEM, as well as errors that have been
resolved in fix mode.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
13 years agoevm: additional parameter to pass integrity cache entry 'iint'
Dmitry Kasatkin [Fri, 6 May 2011 08:34:13 +0000 (11:34 +0300)]
evm: additional parameter to pass integrity cache entry 'iint'

Additional iint parameter allows to skip lookup in the cache.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
13 years agoevm: crypto hash replaced by shash
Dmitry Kasatkin [Wed, 9 Mar 2011 20:07:36 +0000 (15:07 -0500)]
evm: crypto hash replaced by shash

Using shash is more efficient, because the algorithm is allocated only
once. Only the descriptor to store the hash state needs to be allocated
for every operation.

Changelog v6:
- check for crypto_shash_setkey failure

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
13 years agoevm: call evm_inode_init_security from security_inode_init_security
Mimi Zohar [Thu, 16 Jun 2011 01:19:10 +0000 (21:19 -0400)]
evm: call evm_inode_init_security from security_inode_init_security

Changelog v7:
- moved the initialization call to security_inode_init_security,
  renaming evm_inode_post_init_security to evm_inode_init_security
- increase size of xattr array for EVM xattr

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
13 years agoevm: add evm_inode_init_security to initialize new files
Mimi Zohar [Wed, 9 Mar 2011 19:40:44 +0000 (14:40 -0500)]
evm: add evm_inode_init_security to initialize new files

Initialize 'security.evm' for new files.

Changelog v7:
- renamed evm_inode_post_init_security to evm_inode_init_security
- moved struct xattr definition to earlier patch
- allocate xattr name
Changelog v6:
- Use 'struct evm_ima_xattr_data'

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
13 years agoevm: imbed evm_inode_post_setattr
Mimi Zohar [Wed, 9 Mar 2011 19:39:57 +0000 (14:39 -0500)]
evm: imbed evm_inode_post_setattr

Changing the inode's metadata may require the 'security.evm' extended
attribute to be re-calculated and updated.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
13 years agoevm: evm_inode_post_removexattr
Mimi Zohar [Wed, 9 Mar 2011 19:39:18 +0000 (14:39 -0500)]
evm: evm_inode_post_removexattr

When an EVM protected extended attribute is removed, update 'security.evm'.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
13 years agosecurity: imbed evm calls in security hooks
Mimi Zohar [Wed, 9 Mar 2011 19:38:26 +0000 (14:38 -0500)]
security: imbed evm calls in security hooks

Imbed the evm calls evm_inode_setxattr(), evm_inode_post_setxattr(),
evm_inode_removexattr() in the security hooks.  evm_inode_setxattr()
protects security.evm xattr.  evm_inode_post_setxattr() and
evm_inode_removexattr() updates the hmac associated with an inode.

(Assumes an LSM module protects the setting/removing of xattr.)

Changelog:
  - Don't define evm_verifyxattr(), unless CONFIG_INTEGRITY is enabled.
  - xattr_name is a 'const', value is 'void *'

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
13 years agoevm: add support for different security.evm data types
Dmitry Kasatkin [Wed, 9 Mar 2011 19:28:20 +0000 (14:28 -0500)]
evm: add support for different security.evm data types

EVM protects a file's security extended attributes(xattrs) against integrity
attacks. The current patchset maintains an HMAC-sha1 value across the security
xattrs, storing the value as the extended attribute 'security.evm'. We
anticipate other methods for protecting the security extended attributes.
This patch reserves the first byte of 'security.evm' as a place holder for
the type of method.

Changelog v6:
- move evm_ima_xattr_type definition to security/integrity/integrity.h
- defined a structure for the EVM xattr called evm_ima_xattr_data
  (based on Serge Hallyn's suggestion)
- removed unnecessary memset

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
13 years agoevm: re-release
Mimi Zohar [Tue, 15 Mar 2011 20:12:09 +0000 (16:12 -0400)]
evm: re-release

EVM protects a file's security extended attributes(xattrs) against integrity
attacks.  This patchset provides the framework and an initial method.  The
initial method maintains an HMAC-sha1 value across the security extended
attributes, storing the HMAC value as the extended attribute 'security.evm'.
Other methods of validating the integrity of a file's metadata will be posted
separately (eg. EVM-digital-signatures).

While this patchset does authenticate the security xattrs, and
cryptographically binds them to the inode, coming extensions will bind other
directory and inode metadata for more complete protection.  To help simplify
the review and upstreaming process, each extension will be posted separately
(eg. IMA-appraisal, IMA-appraisal-directory).  For a general overview of the
proposed Linux integrity subsystem, refer to Dave Safford's whitepaper:
http://downloads.sf.net/project/linux-ima/linux-ima/Integrity_overview.pdf.

EVM depends on the Kernel Key Retention System to provide it with a
trusted/encrypted key for the HMAC-sha1 operation. The key is loaded onto the
root's keyring using keyctl.  Until EVM receives notification that the key has
been successfully loaded onto the keyring (echo 1 > <securityfs>/evm), EVM can
not create or validate the 'security.evm' xattr, but returns INTEGRITY_UNKNOWN.
Loading the key and signaling EVM should be done as early as possible. Normally
this is done in the initramfs, which has already been measured as part of the
trusted boot.  For more information on creating and loading existing
trusted/encrypted keys, refer to Documentation/keys-trusted-encrypted.txt.  A
sample dracut patch, which loads the trusted/encrypted key and enables EVM, is
available from http://linux-ima.sourceforge.net/#EVM.

Based on the LSMs enabled, the set of EVM protected security xattrs is defined
at compile.  EVM adds the following three calls to the existing security hooks:
evm_inode_setxattr(), evm_inode_post_setxattr(), and evm_inode_removexattr.  To
initialize and update the 'security.evm' extended attribute, EVM defines three
calls: evm_inode_post_init(), evm_inode_post_setattr() and
evm_inode_post_removexattr() hooks.  To verify the integrity of a security
xattr, EVM exports evm_verifyxattr().

Changelog v7:
- Fixed URL in EVM ABI documentation

Changelog v6: (based on Serge Hallyn's review)
- fix URL in patch description
- remove evm_hmac_size definition
- use SHA1_DIGEST_SIZE (removed both MAX_DIGEST_SIZE and evm_hmac_size)
- moved linux include before other includes
- test for crypto_hash_setkey failure
- fail earlier for invalid key
- clear entire encrypted key, even on failure
- check xattr name length before comparing xattr names

Changelog:
- locking based on i_mutex, remove evm_mutex
- using trusted/encrypted keys for storing the EVM key used in the HMAC-sha1
  operation.
- replaced crypto hash with shash (Dmitry Kasatkin)
- support for additional methods of verifying the security xattrs
  (Dmitry Kasatkin)
- iint not allocated for all regular files, but only for those appraised
- Use cap_sys_admin in lieu of cap_mac_admin
- Use __vfs_setxattr_noperm(), without permission checks, from EVM

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
13 years agoxattr: define vfs_getxattr_alloc and vfs_xattr_cmp
Mimi Zohar [Wed, 9 Mar 2011 19:23:34 +0000 (14:23 -0500)]
xattr: define vfs_getxattr_alloc and vfs_xattr_cmp

vfs_getxattr_alloc() and vfs_xattr_cmp() are two new kernel xattr helper
functions.  vfs_getxattr_alloc() first allocates memory for the requested
xattr and then retrieves it. vfs_xattr_cmp() compares a given value with
the contents of an extended attribute.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
13 years agointegrity: move ima inode integrity data management
Mimi Zohar [Wed, 9 Mar 2011 19:13:22 +0000 (14:13 -0500)]
integrity: move ima inode integrity data management

Move the inode integrity data(iint) management up to the integrity directory
in order to share the iint among the different integrity models.

Changelog:
- don't define MAX_DIGEST_SIZE
- rename several globally visible 'ima_' prefixed functions, structs,
  locks, etc to 'integrity_'
- replace '20' with SHA1_DIGEST_SIZE
- reflect location change in appropriate Kconfig and Makefiles
- remove unnecessary initialization of iint_initialized to 0
- rebased on current ima_iint.c
- define integrity_iint_store/lock as static

There should be no other functional changes.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
13 years agosecurity: new security_inode_init_security API adds function callback
Mimi Zohar [Mon, 6 Jun 2011 19:29:25 +0000 (15:29 -0400)]
security: new security_inode_init_security API adds function callback

This patch changes the security_inode_init_security API by adding a
filesystem specific callback to write security extended attributes.
This change is in preparation for supporting the initialization of
multiple LSM xattrs and the EVM xattr.  Initially the callback function
walks an array of xattrs, writing each xattr separately, but could be
optimized to write multiple xattrs at once.

For existing security_inode_init_security() calls, which have not yet
been converted to use the new callback function, such as those in
reiserfs and ocfs2, this patch defines security_old_inode_init_security().

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
13 years agoTOMOYO: Update kernel-doc.
Tetsuo Handa [Thu, 14 Jul 2011 05:46:51 +0000 (14:46 +0900)]
TOMOYO: Update kernel-doc.

Update comments for scripts/kernel-doc and fix some of errors reported by
scripts/checkpatch.pl .

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agotpm: Fix a typo
Stefan Berger [Wed, 30 Mar 2011 16:13:34 +0000 (12:13 -0400)]
tpm: Fix a typo

This patch fixes a typo.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm_tis: Probing function for Intel iTPM bug
Stefan Berger [Wed, 30 Mar 2011 16:13:33 +0000 (12:13 -0400)]
tpm_tis: Probing function for Intel iTPM bug

This patch introduces a function for automatic probing for the Intel iTPM
STS_DATA_EXPECT flaw.

The patch splits the current tpm_tis_send function into 2 parts where the 1st
part is now called tpm_tis_send_data() and merely sends the data to the TPM.
This function is then used for probing. The new tpm_tis_send function now
first calls tpm_tis_send_data and if that succeeds has the TPM process the
command and waits until the response is there.

The probing for the Intel iTPM is only invoked if the user has not passed
itpm=1 as parameter for the module *or* if such a TPM was detected via ACPI.
Previously it was necessary to pass itpm=1 when also passing force=1 to the
module when doing a 'modprobe'. This function is more general than the ACPI
test function and the function relying on ACPI could probably be removed.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm_tis: Fix the probing for interrupts
Stefan Berger [Wed, 30 Mar 2011 16:13:32 +0000 (12:13 -0400)]
tpm_tis: Fix the probing for interrupts

This patch fixes several aspects of the probing for interrupts.

This patch reads the TPM's timeouts before probing for the interrupts. The
tpm_get_timeouts() function is invoked in polling mode and gets the proper
timeouts from the TPM so that we don't need to fall back to 2 minutes timeouts
for short duration commands while the interrupt probing is happening.

This patch introduces a variable probed_irq into the vendor structure that gets
the irq number if an interrupt is received while the the tpm_gen_interrupt()
function is run in polling mode during interrupt probing. Previously some
parts of tpm_gen_interrupt() were run in polling mode, then the irq variable
was set in the interrupt handler when an interrupt was received and execution
of tpm_gen_interrupt() ended up switching over to interrupt mode.
tpm_gen_interrupt() execution ended up on an event queue where it eventually
timed out since the probing handler doesn't wake any queues.

Before calling into free_irq() clear all interrupt flags that may have
been set by the TPM. The reason is that free_irq() will call into the probing
interrupt handler and may otherwise fool us into thinking that a real interrupt
happened (because we see the flags as being set) while the TPM's interrupt line
is not even connected to anything on the motherboard. This solves a problem
on one machine I did testing on (Thinkpad T60).

If a TPM claims to use a specifc interrupt, the probing is done as well
to verify that the interrupt is actually working. If a TPM indicates
that it does not use a specific interrupt (returns '0'), probe all interrupts
from 3 to 15.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm_tis: Delay ACPI S3 suspend while the TPM is busy
Stefan Berger [Wed, 30 Mar 2011 16:13:31 +0000 (12:13 -0400)]
tpm_tis: Delay ACPI S3 suspend while the TPM is busy

This patch delays the (ACPI S3) suspend while the TPM is busy processing a
command and the TPM TIS driver is run in interrupt mode. This is the same
behavior as we already have it for the TPM TIS driver in polling mode.

Reasoning: Some of the TPM's commands advance the internal state of the TPM.
An example would be the extending of one of its PCR registers. Upper layers,
such as IMA or TSS (TrouSerS), would certainly want to be sure that the
command succeeded rather than getting an error code (-62 = -ETIME) that may
not give a conclusive answer as for what reason the command failed. Reissuing
such a command would put the TPM into the wrong state, so waiting for it to
finish is really the only option.

The downside is that some commands (key creation) can take a long time and
actually prevent the machine from entering S3 at all before the 20 second
timeout of the power management subsystem arrives.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm_tis: Re-enable interrupts upon (S3) resume
Stefan Berger [Wed, 30 Mar 2011 16:13:30 +0000 (12:13 -0400)]
tpm_tis: Re-enable interrupts upon (S3) resume

This patch makes sure that if the TPM TIS interface is run in interrupt mode
(rather than polling mode) that all interrupts are enabled in the TPM's
interrupt enable register after a resume from ACPI S3 suspend. The registers
may either have been cleared by the TPM loosing its state during device sleep
or by the BIOS leaving the TPM in polling mode (after sending a command to
the TPM for starting it up again)

You may want to check if your TPM runs with interrupts by doing

cat /proc/interrupts | grep -i tpm

and see whether there is an entry or otherwise for it to use interrupts:

modprobe tpm_tis interrupts=1 [add 'itpm=1' for Intel TPM ]

v2:
  - the patch was adapted to work with the pnp and platform driver
    implementations in tpm_tis.c

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm: Fix display of data in pubek sysfs entry
Stefan Berger [Wed, 30 Mar 2011 16:13:29 +0000 (12:13 -0400)]
tpm: Fix display of data in pubek sysfs entry

This patch fixes the TPM's pubek sysfs entry that is accessible as long
as the TPM doesn't have an owner. It was necessary to shift the access to the
data by -10 -- the first byte immediately follows the 10 byte header. The
line

  data = tpm_cmd.params.readpubek_out_buffer;

sets it at the offset '10' in the packet, so we can read the data array
starting at offset '0'.

Before:

Algorithm: 00 0C 00 00
Encscheme: 08 00
Sigscheme: 00 00
Parameters: 00 00 00 00 01 00 AC E2 5E 3C A0 78
Modulus length: -563306801
Modulus:
28 21 08 0F 82 CD F2 B1 E7 49 F7 74 70 BE 59 8C
43 78 B1 24 EA 52 E2 FE 52 5C 3A 12 3B DC 61 71
[...]

After:

Algorithm: 00 00 00 01
Encscheme: 00 03
Sigscheme: 00 01
Parameters: 00 00 08 00 00 00 00 02 00 00 00 00
Modulus length: 256
Modulus:
AC E2 5E 3C A0 78 DE 6C 9E CF 28 21 08 0F 82 CD
F2 B1 E7 49 F7 74 70 BE 59 8C 43 78 B1 24 EA 52
[...]

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm_tis: Add timeouts sysfs entry
Stefan Berger [Wed, 30 Mar 2011 16:13:28 +0000 (12:13 -0400)]
tpm_tis: Add timeouts sysfs entry

Display the TPM's interface timeouts in a 'timeouts' sysfs entry. Display
the entries as having been adjusted when they were scaled due to their values
being reported in milliseconds rather than microseconds.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm: Adjust interface timeouts if they are too small
Stefan Berger [Wed, 30 Mar 2011 16:13:27 +0000 (12:13 -0400)]
tpm: Adjust interface timeouts if they are too small

Adjust the interface timeouts if they are found to be too small, i.e., if
they are returned in milliseconds rather than microseconds as we heared
from Infineon that some (old) Infineon TPMs do.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm: Use interface timeouts returned from the TPM
Stefan Berger [Wed, 30 Mar 2011 16:13:26 +0000 (12:13 -0400)]
tpm: Use interface timeouts returned from the TPM

The TPM driver currently discards the interface timeout values returned
from the TPM. The check of the response packet needs to consider that
the return_code field is 0 on success and the size of the expected
packet is equivalent to the header size + u32 length indicator for the
TPM_GetCapability() result + 4 interface timeout indicators of type u32.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm_tis: Introduce durations sysfs entry
Stefan Berger [Wed, 30 Mar 2011 16:13:25 +0000 (12:13 -0400)]
tpm_tis: Introduce durations sysfs entry

Display the TPM's command timeouts in a 'durations' sysfs entry. Display
the entries as having been adjusted when they were scaled due to their values
being reported in milliseconds rather than microseconds.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Guillaume Chazarain <guichaz@gmail.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm: Adjust the durations if they are too small
Stefan Berger [Wed, 30 Mar 2011 16:13:24 +0000 (12:13 -0400)]
tpm: Adjust the durations if they are too small

Adjust the durations if they are found to be too small, i.e., if they are
returned in milliseconds rather than microseconds as some Infineon TPMs are
reported to do.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agotpm: Use durations returned from TPM
Stefan Berger [Wed, 30 Mar 2011 16:13:23 +0000 (12:13 -0400)]
tpm: Use durations returned from TPM

The TPM driver currently discards the durations values returned
from the TPM. The check of the response packet needs to consider that
the return_code field is 0 on success and the size of the expected
packet is equivalent to the header size + u32 length indicator for the
TPM_GetCapability() result + 3 timeout indicators of type u32.

v4:
- sysfs entry 'durations' is now a patch of its own
- the work-around for TPMs reporting durations in milliseconds is now in a
  patch of its own

v3:
- sysfs entry now called 'durations' to resemble TPM-speak (previously
  was called 'timeouts')

v2:
- adjusting all timeouts for TPM devices reporting timeouts in msec rather
  than usec
- also displaying in sysfs whether the timeouts are 'original' or 'adjusted'

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Guillaume Chazarain <guichaz@gmail.com>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
13 years agoTOMOYO: Enable conditional ACL.
Tetsuo Handa [Fri, 8 Jul 2011 04:25:53 +0000 (13:25 +0900)]
TOMOYO: Enable conditional ACL.

Enable conditional ACL by passing object's pointers.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Allow using argv[]/envp[] of execve() as conditions.
Tetsuo Handa [Fri, 8 Jul 2011 04:24:54 +0000 (13:24 +0900)]
TOMOYO: Allow using argv[]/envp[] of execve() as conditions.

This patch adds support for permission checks using argv[]/envp[] of execve()
request. Hooks are in the last patch of this pathset.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Allow using executable's realpath and symlink's target as conditions.
Tetsuo Handa [Fri, 8 Jul 2011 04:23:44 +0000 (13:23 +0900)]
TOMOYO: Allow using executable's realpath and symlink's target as conditions.

This patch adds support for permission checks using executable file's realpath
upon execve() and symlink's target upon symlink(). Hooks are in the last patch
of this pathset.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Allow using owner/group etc. of file objects as conditions.
Tetsuo Handa [Fri, 8 Jul 2011 04:22:41 +0000 (13:22 +0900)]
TOMOYO: Allow using owner/group etc. of file objects as conditions.

This patch adds support for permission checks using file object's DAC
attributes (e.g. owner/group) when checking file's pathnames. Hooks for passing
file object's pointers are in the last patch of this pathset.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Allow using UID/GID etc. of current thread as conditions.
Tetsuo Handa [Fri, 8 Jul 2011 04:21:37 +0000 (13:21 +0900)]
TOMOYO: Allow using UID/GID etc. of current thread as conditions.

This patch adds support for permission checks using current thread's UID/GID
etc. in addition to pathnames.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.
Tetsuo Handa [Thu, 7 Jul 2011 12:20:35 +0000 (21:20 +0900)]
TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.

/sys/kernel/security/tomoyo/.domain_status can be easily emulated using
/sys/kernel/security/tomoyo/domain_policy . We can remove this interface by
updating /usr/sbin/tomoyo-setprofile utility.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Fix wrong domainname in tomoyo_init_log().
Tetsuo Handa [Thu, 30 Jun 2011 08:32:30 +0000 (17:32 +0900)]
TOMOYO: Fix wrong domainname in tomoyo_init_log().

Commit eadd99cc "TOMOYO: Add auditing interface." by error replaced
"struct tomoyo_request_info"->domain with tomoyo_domain().

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoencrypted-keys: move ecryptfs documentation to proper location
Mimi Zohar [Wed, 29 Jun 2011 18:53:56 +0000 (14:53 -0400)]
encrypted-keys: move ecryptfs documentation to proper location

Move keys-ecryptfs.txt to Documentation/security.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Cleanup header file.
Tetsuo Handa [Wed, 29 Jun 2011 05:22:37 +0000 (14:22 +0900)]
TOMOYO: Cleanup header file.

Sort by alphabetic order.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Update MAINTAINERS file.
Tetsuo Handa [Wed, 29 Jun 2011 05:17:31 +0000 (14:17 +0900)]
TOMOYO: Update MAINTAINERS file.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Fix build error with CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y .
Tetsuo Handa [Wed, 29 Jun 2011 04:07:52 +0000 (13:07 +0900)]
TOMOYO: Fix build error with CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y .

I forgot to add #ifndef in commit 0e4ae0e0 "TOMOYO: Make several options
configurable.", resulting

  security/built-in.o: In function `tomoyo_bprm_set_creds':
  tomoyo.c:(.text+0x4698e): undefined reference to `tomoyo_load_policy'

error.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoMerge branch 'for-security' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/appar...
James Morris [Thu, 30 Jun 2011 08:44:55 +0000 (18:44 +1000)]
Merge branch 'for-security' of git://git./linux/kernel/git/jj/apparmor-dev into next

13 years agoMerge branch 'linus' into next
James Morris [Thu, 30 Jun 2011 08:43:56 +0000 (18:43 +1000)]
Merge branch 'linus' into next

13 years agoMerge branch 'kvm-updates/3.0' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Wed, 29 Jun 2011 18:07:20 +0000 (11:07 -0700)]
Merge branch 'kvm-updates/3.0' of git://git./virt/kvm/kvm

* 'kvm-updates/3.0' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86 emulator: fix %rip-relative addressing with immediate source operand

13 years agoMerge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvar...
Linus Torvalds [Wed, 29 Jun 2011 18:07:02 +0000 (11:07 -0700)]
Merge branch 'i2c-for-linus' of git://git./linux/kernel/git/jdelvare/staging

* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  i2c/pca954x: Initialize the mux to disconnected state
  i2c-taos-evm: Fix log messages

13 years agoMerge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
Linus Torvalds [Wed, 29 Jun 2011 18:03:27 +0000 (11:03 -0700)]
Merge branch 'merge' of git://git./linux/kernel/git/benh/powerpc

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  arch/powerpc: use printk_ratelimited instead of printk_ratelimit
  powerpc/rtas-rtc: remove sideeffects of printk_ratelimit
  powerpc/pseries: remove duplicate SCSI_BNX2_ISCSI in pseries_defconfig
  powerpc/e500: fix breakage with fsl_rio_mcheck_exception
  powerpc/p1022ds: fix audio-related properties in the device tree
  powerpc/85xx: fix NAND_CMD_READID read bytes number

13 years agoahci: change 'masking port_map' printk to KERN_WARNING level
Linus Torvalds [Wed, 29 Jun 2011 17:10:07 +0000 (10:10 -0700)]
ahci: change 'masking port_map' printk to KERN_WARNING level

It's not so much an error as a warning about normal Marvell crazines.
So don't use KERN_ERR that ends up spamming the console even in quiet
mode, it's not _that_ critical.

Explained by Jeff:

 "Long explanation, it's a mess:

  Marvell took standard AHCI, and bastardized it to include a weird mode
  whereby PATA devices appear inside the AHCI DMA and interrupt
  infrastructure you're familiar with.

  So, PATA devices appear via pata_marvell driver, using basic legacy
  IDE programming interface.  But SATA devices, which might also be
  attached to this chip, either work in under-performing mode or
  simply don't work at all (e.g.  newer 6 Gbps devices or port
  multiplier attachments, NCQ, ...)

  On the other hand, 'ahci' driver loads and works with the chip's
  attached SATA devices quite beautifully, but is completely unable to
  drive any attached PATA devices, due to the Marvell-specific
  PATA-under-AHCI interface.

  The "masking port_map 0x7 -> 0x3" message is the ahci driver "hiding"
  the PATA port(s) from itself, making sure it will only drive the SATA
  ports it knows how to drive."

Acked-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agoi2c/pca954x: Initialize the mux to disconnected state
Petri Gynther [Wed, 29 Jun 2011 09:36:11 +0000 (11:36 +0200)]
i2c/pca954x: Initialize the mux to disconnected state

pca954x power-on default is channel 0 connected. If multiple pca954x
muxes are connected to the same physical I2C bus, the parent bus will
see channel 0 devices behind both muxes by default. This is bad.

Scenario:
            -- pca954x @ 0x70 -- ch 0 (I2C-bus-101) -- EEPROM @ 0x50
            |
I2C-bus-1 ---
            |
            -- pca954x @ 0x71 -- ch 0 (I2C-bus-111) -- EEPROM @ 0x50

1. Load I2C bus driver: creates I2C-bus-1
2. Load pca954x driver: creates virtual I2C-bus-101 and I2C-bus-111
3. Load eeprom driver
4. Try to read EEPROM @ 0x50 on I2C-bus-101. The transaction will also bleed
   onto I2C-bus-111 because pca954x @ 0x71 channel 0 is connected by default.

Fix: Initialize pca954x to disconnected state in pca954x_probe()

Signed-off-by: Petri Gynther <pgynther@google.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: stable@kernel.org
13 years agoi2c-taos-evm: Fix log messages
Jean Delvare [Wed, 29 Jun 2011 09:36:10 +0000 (11:36 +0200)]
i2c-taos-evm: Fix log messages

* Print all error and information messages even when debugging is
  disabled.
* Don't use adapter device to log messages before it is ready.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: stable@kernel.org
13 years agoKVM: x86 emulator: fix %rip-relative addressing with immediate source operand
Avi Kivity [Sun, 19 Jun 2011 16:21:11 +0000 (19:21 +0300)]
KVM: x86 emulator: fix %rip-relative addressing with immediate source operand

%rip-relative addressing is relative to the first byte of the next instruction,
so we need to add %rip only after we've fetched any immediate bytes.

Based on original patch by Li Xin <xin.li@intel.com>.

Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Li Xin <xin.li@intel.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
13 years agoarch/powerpc: use printk_ratelimited instead of printk_ratelimit
Christian Dietrich [Sat, 4 Jun 2011 05:36:54 +0000 (05:36 +0000)]
arch/powerpc: use printk_ratelimited instead of printk_ratelimit

Since printk_ratelimit() shouldn't be used anymore (see comment in
include/linux/printk.h), replace it with printk_ratelimited.

Signed-off-by: Christian Dietrich <christian.dietrich@informatik.uni-erlangen.de>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
13 years agopowerpc/rtas-rtc: remove sideeffects of printk_ratelimit
Christian Dietrich [Sat, 4 Jun 2011 05:35:47 +0000 (05:35 +0000)]
powerpc/rtas-rtc: remove sideeffects of printk_ratelimit

Don't use printk_ratelimit() as an additional condition for returning
on an error. Because when the ratelimit is reached, printk_ratelimit
will return 0 and e.g. in rtas_get_boot_time won't check for an error
condition.

Signed-off-by: Christian Dietrich <christian.dietrich@informatik.uni-erlangen.de>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
13 years agoAppArmor: Fix masking of capabilities in complain mode
John Johansen [Sat, 25 Jun 2011 15:57:07 +0000 (16:57 +0100)]
AppArmor: Fix masking of capabilities in complain mode

AppArmor is masking the capabilities returned by capget against the
capabilities mask in the profile.  This is wrong, in complain mode the
profile has effectively all capabilities, as the profile restrictions are
not being enforced, merely tested against to determine if an access is
known by the profile.

This can result in the wrong behavior of security conscience applications
like sshd which examine their capability set, and change their behavior
accordingly.  In this case because of the masked capability set being
returned sshd fails due to DAC checks, even when the profile is in complain
mode.

Kernels affected: 2.6.36 - 3.0.

Signed-off-by: John Johansen <john.johansen@canonical.com>
13 years agoAppArmor: Fix reference to rcu protected pointer outside of rcu_read_lock
John Johansen [Tue, 28 Jun 2011 14:06:38 +0000 (15:06 +0100)]
AppArmor: Fix reference to rcu protected pointer outside of rcu_read_lock

The pointer returned from tracehook_tracer_task() is only valid inside
the rcu_read_lock.  However the tracer pointer obtained is being passed
to aa_may_ptrace outside of the rcu_read_lock critical section.

Mover the aa_may_ptrace test into the rcu_read_lock critical section, to
fix this.

Kernels affected: 2.6.36 - 3.0

Reported-by: Oleg Nesterov <oleg@redhat.com>
Cc: stable@kernel.org
Signed-off-by: John Johansen <john.johansen@canonical.com>
13 years agoTOMOYO: Make several options configurable.
Tetsuo Handa [Sun, 26 Jun 2011 14:22:59 +0000 (23:22 +0900)]
TOMOYO: Make several options configurable.

To be able to start using enforcing mode from the early stage of boot sequence,
this patch adds support for activating access control without calling external
policy loader program. This will be useful for systems where operations which
can lead to the hijacking of the boot sequence are needed before loading the
policy. For example, you can activate immediately after loading the fixed part
of policy which will allow only operations needed for mounting a partition
which contains the variant part of policy and verifying (e.g. running GPG
check) and loading the variant part of policy. Since you can start using
enforcing mode from the beginning, you can reduce the possibility of hijacking
the boot sequence.

This patch makes several variables configurable on build time. This patch also
adds TOMOYO_loader= and TOMOYO_trigger= kernel command line option to boot the
same kernel in two different init systems (BSD-style init and systemd).

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Add built-in policy support.
Tetsuo Handa [Sun, 26 Jun 2011 14:22:18 +0000 (23:22 +0900)]
TOMOYO: Add built-in policy support.

To be able to start using enforcing mode from the early stage of boot sequence,
this patch adds support for built-in policy configuration (and next patch adds
support for activating access control without calling external policy loader
program).

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Rename meminfo to stat and show more statistics.
Tetsuo Handa [Sun, 26 Jun 2011 14:21:50 +0000 (23:21 +0900)]
TOMOYO: Rename meminfo to stat and show more statistics.

Show statistics such as last policy update time and last policy violation time
in addition to memory usage.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Cleanup part 4.
Tetsuo Handa [Sun, 26 Jun 2011 14:21:19 +0000 (23:21 +0900)]
TOMOYO: Cleanup part 4.

Gather string constants to one file in order to make the object size smaller.
Use unsigned type where appropriate.
read()/write() returns ssize_t.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Fix lockdep warning.
Tetsuo Handa [Sun, 26 Jun 2011 14:20:55 +0000 (23:20 +0900)]
TOMOYO: Fix lockdep warning.

Currently TOMOYO holds SRCU lock upon open() and releases it upon close()
because list elements stored in the "struct tomoyo_io_buffer" instances are
accessed until close() is called. However, such SRCU usage causes lockdep to
complain about leaving the kernel with SRCU lock held.

This patch solves the warning by holding/releasing SRCU upon each
read()/write(). This patch is doing something similar to calling kfree()
without calling synchronize_srcu(), by selectively deferring kfree() by keeping
track of the "struct tomoyo_io_buffer" instances.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Change pathname for non-rename()able filesystems.
Tetsuo Handa [Sun, 26 Jun 2011 14:20:23 +0000 (23:20 +0900)]
TOMOYO: Change pathname for non-rename()able filesystems.

TOMOYO wants to use /proc/self/ rather than /proc/$PID/ if $PID matches current
thread's process ID in order to prevent current thread from accessing other
process's information unless needed.

But since procfs can be mounted on various locations (e.g. /proc/ /proc2/ /p/
/tmp/foo/100/p/ ), TOMOYO cannot tell that whether the numeric part in the
string returned by __d_path() represents process ID or not.

Therefore, to be able to convert from $PID to self no matter where procfs is
mounted, this patch changes pathname representations for filesystems which do
not support rename() operation (e.g. proc, sysfs, securityfs).

Examples:
  /proc/self/mounts => proc:/self/mounts
  /sys/kernel/security/ => sys:/kernel/security/
  /dev/pts/0 => devpts:/0

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Add policy namespace support.
Tetsuo Handa [Sun, 26 Jun 2011 14:19:52 +0000 (23:19 +0900)]
TOMOYO: Add policy namespace support.

Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments,
for TOMOYO cannot distinguish between environments outside the container and
environments inside the container since LXC environments are created using
pivot_root(). To address this problem, this patch introduces policy namespace.

Each policy namespace has its own set of domain policy, exception policy and
profiles, which are all independent of other namespaces. This independency
allows users to develop policy without worrying interference among namespaces.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Add ACL group support.
Tetsuo Handa [Sun, 26 Jun 2011 14:19:28 +0000 (23:19 +0900)]
TOMOYO: Add ACL group support.

ACL group allows administrator to globally grant not only "file read"
permission but also other permissions.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Add auditing interface.
Tetsuo Handa [Sun, 26 Jun 2011 14:18:58 +0000 (23:18 +0900)]
TOMOYO: Add auditing interface.

Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit
logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse
audit logs for appending to /sys/kernel/security/tomoyo/domain_policy
interface.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Simplify profile structure.
Tetsuo Handa [Sun, 26 Jun 2011 14:18:21 +0000 (23:18 +0900)]
TOMOYO: Simplify profile structure.

Remove global preference from profile structure in order to make code simpler.

Due to this structure change, printk() warnings upon policy violation are
temporarily disabled. They will be replaced by
/sys/kernel/security/tomoyo/audit by next patch.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Rename directives.
Tetsuo Handa [Sun, 26 Jun 2011 14:17:46 +0000 (23:17 +0900)]
TOMOYO: Rename directives.

Convert "allow_..." style directives to "file ..." style directives.
By converting to the latter style, we can pack policy like
"file read/write/execute /path/to/file".

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Use struct for passing ACL line.
Tetsuo Handa [Sun, 26 Jun 2011 14:17:10 +0000 (23:17 +0900)]
TOMOYO: Use struct for passing ACL line.

Use structure for passing ACL line, in preparation for supporting policy
namespace and conditional parameters.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Cleanup part 3.
Tetsuo Handa [Sun, 26 Jun 2011 14:16:36 +0000 (23:16 +0900)]
TOMOYO: Cleanup part 3.

Use common structure for ACL with "struct list_head" + "atomic_t".
Use array/struct where possible.
Remove is_group from "struct tomoyo_name_union"/"struct tomoyo_number_union".
Pass "struct file"->private_data rather than "struct file".
Update some of comments.
Bring tomoyo_same_acl_head() from common.h to domain.c .
Bring tomoyo_invalid()/tomoyo_valid() from common.h to util.c .

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Cleanup part 2.
Tetsuo Handa [Sun, 26 Jun 2011 14:16:03 +0000 (23:16 +0900)]
TOMOYO: Cleanup part 2.

Update (or temporarily remove) comments.
Remove or replace some of #define lines.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoTOMOYO: Cleanup part 1.
Tetsuo Handa [Sun, 26 Jun 2011 14:15:31 +0000 (23:15 +0900)]
TOMOYO: Cleanup part 1.

In order to synchronize with TOMOYO 1.8's syntax,

(1) Remove special handling for allow_read/write permission.
(2) Replace deny_rewrite/allow_rewrite permission with allow_append permission.
(3) Remove file_pattern keyword.
(4) Remove allow_read permission from exception policy.
(5) Allow creating domains in enforcing mode without calling supervisor.
(6) Add permission check for opening directory for reading.
(7) Add permission check for stat() operation.
(8) Make "cat < /sys/kernel/security/tomoyo/self_domain" behave as if
    "cat /sys/kernel/security/tomoyo/self_domain".

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agopowerpc/pseries: remove duplicate SCSI_BNX2_ISCSI in pseries_defconfig
Michael Neuling [Mon, 27 Jun 2011 19:55:30 +0000 (19:55 +0000)]
powerpc/pseries: remove duplicate SCSI_BNX2_ISCSI in pseries_defconfig

Remove duplicate assignment of SCSI_BNX2_ISCSI in pseries_defconfig
introduced by:
  37e0c21e powerpc/pseries: Enable iSCSI support for a number of cards

causes warning:
arch/powerpc/configs/pseries_defconfig:151:warning: override: reassigning to symbol SCSI_BNX2_ISCSI

Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
13 years agoMerge branch 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/keith...
Linus Torvalds [Tue, 28 Jun 2011 18:15:57 +0000 (11:15 -0700)]
Merge branch 'drm-intel-fixes' of git://git./linux/kernel/git/keithp/linux-2.6

* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/keithp/linux-2.6:
  drm/i915: Use chipset-specific irq installers
  drm/i915: forcewake fix after reset
  drm/i915: add Ivy Bridge page flip support
  drm/i915: split page flip queueing into per-chipset functions

13 years agoMerge branch 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Tue, 28 Jun 2011 18:15:36 +0000 (11:15 -0700)]
Merge branch 'driver-core-linus' of git://git./linux/kernel/git/gregkh/driver-core-2.6

* 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6:
  Connector: Correctly set the error code in case of success when dispatching receive callbacks
  Connector: Set the CN_NETLINK_USERS correctly
  pti: PTI semantics fix in pti_tty_cleanup.
  pti: ENXIO error case memory leak PTI fix.
  pti: double-free security PTI fix
  drivers:misc: ti-st: fix skipping of change remote baud
  drivers/base/platform.c: don't mark platform_device_register_resndata() as __init_or_module
  st_kim: Handle case of no device found for ID 0
  firmware: fix GOOGLE_SMI kconfig dependency warning

13 years agoMerge branch 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Tue, 28 Jun 2011 18:15:17 +0000 (11:15 -0700)]
Merge branch 'usb-linus' of git://git./linux/kernel/git/gregkh/usb-2.6

* 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
  MAINTAINERS: add myself as maintainer of USB/IP
  usb: r8a66597-hcd: fix cannot detect low/full speed device
  USB: ehci-ath79: fix a NULL pointer dereference
  USB: Add new FT232H chip to drivers/usb/serial/ftdi_sio.c
  usb/isp1760: Fix bug preventing the unlinking of control urbs
  USB: Fix up URB error codes to reflect implementation.
  xhci: Always set urb->status to zero for isoc endpoints.
  xhci: Add reset on resume quirk for asrock p67 host
  xHCI 1.0: Incompatible Device Error
  USB: don't let errors prevent system sleep
  USB: don't let the hub driver prevent system sleep
  USB: change maintainership of ohci-hcd and ehci-hcd
  xHCI 1.0: Force Stopped Event(FSE)
  xhci: Don't warn about zeroed bMaxBurst descriptor field.
  USB: Free bandwidth when usb_disable_device is called.
  xhci: Reject double add of active endpoints.
  USB: TI 3410/5052 USB Serial Driver: Fix mem leak when firmware is too big.
  usb: musb: gadget: clear TXPKTRDY flag when set FLUSHFIFO
  usb: musb: host: compare status for negative error values

13 years agoMerge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Tue, 28 Jun 2011 18:14:55 +0000 (11:14 -0700)]
Merge branch 'tty-linus' of git://git./linux/kernel/git/gregkh/tty-2.6

* 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
  serial: bcm63xx_uart: fix irq storm after rx fifo overrun.
  amba pl011: platform data for reg lockup and glitch v2
  amba pl011: workaround for uart registers lockup
  tty: n_gsm: improper skb_pull() use was leaking framed data
  tty: n_gsm: Fixed logic to decode break signal from modem status
  TTY: ntty, add one more sanity check
  TTY: ldisc, do not close until there are readers
  8250: Fix capabilities when changing the port type
  8250_pci: Fix missing const from merges
  ARM: SAMSUNG: serial: Fix on handling of one clock source for UART
  serial: ioremap warning fix for jsm driver.
  8250_pci: add -ENODEV code for Intel EG20T PCH

13 years agoMerge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Tue, 28 Jun 2011 18:14:22 +0000 (11:14 -0700)]
Merge branch 'staging-linus' of git://git./linux/kernel/git/gregkh/staging-2.6

* 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
  Staging: comedi: fix build breakages on some platforms
  Staging: brcm80211: disable drivers except for X86 or MIPS platforms
  Staging: brcm80211: disable drivers for PPC platforms
  Staging: iio: Make IIO depend on GENERIC_HARDIRQS
  Staging: mei: fix suspend failure
  Staging: fix iio builds when IIO_RING_BUFFER is not enabled
  Staging: Comedi: Build only on arches providing PAGE_KERNEL_NOCACHE
  Staging: fix more iio builds when IIO_RING_BUFFER is not enabled

13 years agoMerge branch 'for-linus' of git://neil.brown.name/md
Linus Torvalds [Tue, 28 Jun 2011 18:14:00 +0000 (11:14 -0700)]
Merge branch 'for-linus' of git://neil.brown.name/md

* 'for-linus' of git://neil.brown.name/md:
  md: avoid endless recovery loop when waiting for fail device to complete.

13 years agodrm/i915: Use chipset-specific irq installers
Chris Wilson [Tue, 28 Jun 2011 10:48:51 +0000 (11:48 +0100)]
drm/i915: Use chipset-specific irq installers

Konstantin Belousov pointed out that 4697995b98417 replaced the generic
i915_driver_irq_*install() functions with chipset specific routines
accessible only through driver->irq_*install(). So update the sanity
check in i915_request_wait() to match.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Keith Packard <keithp@keithp.com>
13 years agodrm/i915: forcewake fix after reset
Ben Widawsky [Fri, 24 Jun 2011 21:31:47 +0000 (14:31 -0700)]
drm/i915: forcewake fix after reset

The failure is as follows:

1. Userspace gets forcewake lock, lock count >=1
2. GPU hang/reset occurs (forcewake bit is reset)
3. count is now incorrect

The failure can only occur when using the forcewake userspace lock.

This has the unfortunate consequence of messing up the driver as well as
userspace, unless userspace closes the debugfs file, the kernel will
never end up waking the GT since the refcount will be > 1.

The solution is to try to recover the correct forcewake state based on
the refcount. There is a period of time where userspace reads/writes may
occur after the reset, before the GT has been forcewaked. The interface
was never designed to be a perfect solution for userspace reads/writes,
and the kernel portion is fixed by this patch.

Suggested-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
13 years agoproc: restrict access to /proc/PID/io
Vasiliy Kulikov [Fri, 24 Jun 2011 12:08:38 +0000 (16:08 +0400)]
proc: restrict access to /proc/PID/io

/proc/PID/io may be used for gathering private information.  E.g.  for
openssh and vsftpd daemons wchars/rchars may be used to learn the
precise password length.  Restrict it to processes being able to ptrace
the target process.

ptrace_may_access() is needed to prevent keeping open file descriptor of
"io" file, executing setuid binary and gathering io information of the
setuid'ed process.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agomd: avoid endless recovery loop when waiting for fail device to complete.
NeilBrown [Tue, 28 Jun 2011 06:59:42 +0000 (16:59 +1000)]
md: avoid endless recovery loop when waiting for fail device to complete.

If a device fails in a way that causes pending request to take a while
to complete, md will not be able to immediately remove it from the
array in remove_and_add_spares.
It will then incorrectly look like a spare device and md will try to
recover it even though it is failed.
This leads to a recovery process starting and instantly aborting over
and over again.

We should check if the device is faulty before considering it to be a
spare.  This will avoid trying to start a recovery that cannot
proceed.

This bug was introduced in 2.6.26 so that patch is suitable for any
kernel since then.

Cc: stable@kernel.org
Reported-by: Jim Paradis <james.paradis@stratus.com>
Signed-off-by: NeilBrown <neilb@suse.de>
13 years agoLinux 3.0-rc5
Linus Torvalds [Tue, 28 Jun 2011 02:12:22 +0000 (19:12 -0700)]
Linux 3.0-rc5

13 years agodrm/i915: more struct_mutex locking
Hugh Dickins [Mon, 27 Jun 2011 23:18:20 +0000 (16:18 -0700)]
drm/i915: more struct_mutex locking

When auditing the locking in i915_gem.c (for a prospective change which
I then abandoned), I noticed two places where struct_mutex is not held
across GEM object manipulations that would usually require it.

Since one is in initial setup and the other in driver unload, I'm
guessing the mutex is not required for either; but post a patch in case
it is.

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Keith Packard <keithp@keithp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrm/i915: use shmem_truncate_range
Hugh Dickins [Mon, 27 Jun 2011 23:18:19 +0000 (16:18 -0700)]
drm/i915: use shmem_truncate_range

The interface to ->truncate_range is changing very slightly: once "tmpfs:
take control of its truncate_range" has been applied, this can be applied.
 For now there is only a slight inefficiency while this remains unapplied,
but it will soon become essential for managing shmem's use of swap.

Change i915_gem_object_truncate() to use shmem_truncate_range() directly:
which should also spare i915 later change if we switch from
inode_operations->truncate_range to file_operations->fallocate.

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Keith Packard <keithp@keithp.com>
Cc: Dave Airlie <airlied@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrm/i915: use shmem_read_mapping_page
Hugh Dickins [Mon, 27 Jun 2011 23:18:18 +0000 (16:18 -0700)]
drm/i915: use shmem_read_mapping_page

Soon tmpfs will stop supporting ->readpage and read_cache_page_gfp(): once
"tmpfs: add shmem_read_mapping_page_gfp" has been applied, this patch can
be applied to ease the transition.

Make i915_gem_object_get_pages_gtt() use shmem_read_mapping_page_gfp() in
the one place it's needed; elsewhere use shmem_read_mapping_page(), with
the mapping's gfp_mask properly initialized.

Forget about __GFP_COLD: since tmpfs initializes its pages with memset,
asking for a cold page is counter-productive.

Include linux/shmem_fs.h also in drm_gem.c: with shmem_file_setup() now
declared there too, we shall remove the prototype from linux/mm.h later.

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Keith Packard <keithp@keithp.com>
Cc: Dave Airlie <airlied@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrm/ttm: use shmem_read_mapping_page
Hugh Dickins [Mon, 27 Jun 2011 23:18:17 +0000 (16:18 -0700)]
drm/ttm: use shmem_read_mapping_page

Soon tmpfs will stop supporting ->readpage and read_mapping_page(): once
"tmpfs: add shmem_read_mapping_page_gfp" has been applied, this patch can
be applied to ease the transition.

ttm_tt_swapin() and ttm_tt_swapout() use shmem_read_mapping_page() in
place of read_mapping_page(), since their swap_space has been created with
shmem_file_setup().

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Thomas Hellstrom <thellstrom@vmware.com>
Cc: Dave Airlie <airlied@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrivers/tty/serial/8250_pci.c: fix warning
Andrew Morton [Mon, 27 Jun 2011 23:18:16 +0000 (16:18 -0700)]
drivers/tty/serial/8250_pci.c: fix warning

Fis the warning

  drivers/tty/serial/8250_pci.c:1457: warning: initialization from incompatible pointer type

Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrivers/misc/ioc4.c: fix section mismatch / race condition
Ralf Baechle [Mon, 27 Jun 2011 23:18:15 +0000 (16:18 -0700)]
drivers/misc/ioc4.c: fix section mismatch / race condition

Fix this section mismatch:

  WARNING: drivers/misc/ioc4.o(.data+0x144): Section mismatch in reference from the variable ioc4_load_modules_work to the function .devinit.text:ioc4_load_modules()
  The variable ioc4_load_modules_work references
  the function __devinit ioc4_load_modules()
  If the reference is valid then annotate the
  variable with __init* or __refdata (see linux/init.h) or name the variable:
  *driver, *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console

This one is potentially fatal; by the time ioc4_load_modules is invoked
it may already have been freed.  For that reason ioc4_load_modules_work
can't be turned to __devinitdata but also because it's referenced in
ioc4_exit.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Acked-by: Brent Casavant <bcasavan@sgi.com>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrivers/leds/leds-lp5523.c: fix section mismatches
Ralf Baechle [Mon, 27 Jun 2011 23:18:14 +0000 (16:18 -0700)]
drivers/leds/leds-lp5523.c: fix section mismatches

Fix this section mismatch:

  WARNING: drivers/leds/leds-lp5523.o(.text+0x12f4): Section mismatch in reference from the function lp5523_probe() to the function .init.text:lp5523_init_led()
  The function lp5523_probe() references
  the function __init lp5523_init_led().
  This is often because lp5523_probe lacks a __init
  annotation or the annotation of lp5523_init_led is wrong.

Fixing this one triggers one more mismatch, fix that one as well.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Cc: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrivers/leds/leds-lp5521.c: fix section mismatches
Ralf Baechle [Mon, 27 Jun 2011 23:18:13 +0000 (16:18 -0700)]
drivers/leds/leds-lp5521.c: fix section mismatches

Fix this section mismatch:

  WARNING: drivers/leds/leds-lp5521.o(.text+0xf2c): Section mismatch in reference from the function lp5521_probe() to the function .init.text:lp5521_init_led()
  The function lp5521_probe() references
  the function __init lp5521_init_led().
  This is often because lp5521_probe lacks a __init
  annotation or the annotation of lp5521_init_led is wrong.

Fixing this mismatch triggers one more mismatch, fix that one as well.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Cc: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agomemcg: fix direct softlimit reclaim to be called in limit path
KAMEZAWA Hiroyuki [Mon, 27 Jun 2011 23:18:12 +0000 (16:18 -0700)]
memcg: fix direct softlimit reclaim to be called in limit path

Commit d149e3b25d7c ("memcg: add the soft_limit reclaim in global direct
reclaim") adds a softlimit hook to shrink_zones().  By this, soft limit
is called as

   try_to_free_pages()
       do_try_to_free_pages()
           shrink_zones()
               mem_cgroup_soft_limit_reclaim()

Then, direct reclaim is memcg softlimit hint aware, now.

But, the memory cgroup's "limit" path can call softlimit shrinker.

   try_to_free_mem_cgroup_pages()
       do_try_to_free_pages()
           shrink_zones()
               mem_cgroup_soft_limit_reclaim()

This will cause a global reclaim when a memcg hits limit.

This is bug. soft_limit_reclaim() should be called when
scanning_global_lru(sc) == true.

And the commit adds a variable "total_scanned" for counting softlimit
scanned pages....it's not "total".  This patch removes the variable and
update sc->nr_scanned instead of it.  This will affect shrink_slab()'s
scan condition but, global LRU is scanned by softlimit and I think this
change makes sense.

TODO: avoid too much scanning of a zone when softlimit did enough work.

Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Cc: Ying Han <yinghan@google.com>
Cc: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agotaskstats: don't allow duplicate entries in listener mode
Vasiliy Kulikov [Mon, 27 Jun 2011 23:18:11 +0000 (16:18 -0700)]
taskstats: don't allow duplicate entries in listener mode

Currently a single process may register exit handlers unlimited times.
It may lead to a bloated listeners chain and very slow process
terminations.

Eg after 10KK sent TASKSTATS_CMD_ATTR_REGISTER_CPUMASKs ~300 Mb of
kernel memory is stolen for the handlers chain and "time id" shows 2-7
seconds instead of normal 0.003.  It makes it possible to exhaust all
kernel memory and to eat much of CPU time by triggerring numerous exits
on a single CPU.

The patch limits the number of times a single process may register
itself on a single CPU to one.

One little issue is kept unfixed - as taskstats_exit() is called before
exit_files() in do_exit(), the orphaned listener entry (if it was not
explicitly deregistered) is kept until the next someone's exit() and
implicit deregistration in send_cpu_listeners().  So, if a process
registered itself as a listener exits and the next spawned process gets
the same pid, it would inherit taskstats attributes.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Cc: Balbir Singh <bsingharora@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agomm: fix assertion mapping->nrpages == 0 in end_writeback()
Jan Kara [Mon, 27 Jun 2011 23:18:10 +0000 (16:18 -0700)]
mm: fix assertion mapping->nrpages == 0 in end_writeback()

Under heavy memory and filesystem load, users observe the assertion
mapping->nrpages == 0 in end_writeback() trigger.  This can be caused by
page reclaim reclaiming the last page from a mapping in the following
race:

CPU0 CPU1
  ...
  shrink_page_list()
    __remove_mapping()
      __delete_from_page_cache()
        radix_tree_delete()
evict_inode()
  truncate_inode_pages()
    truncate_inode_pages_range()
      pagevec_lookup() - finds nothing
  end_writeback()
    mapping->nrpages != 0 -> BUG
        page->mapping = NULL
        mapping->nrpages--

Fix the problem by doing a reliable check of mapping->nrpages under
mapping->tree_lock in end_writeback().

Analyzed by Jay <jinshan.xiong@whamcloud.com>, lost in LKML, and dug out
by Miklos Szeredi <mszeredi@suse.de>.

Cc: Jay <jinshan.xiong@whamcloud.com>
Cc: Miklos Szeredi <mszeredi@suse.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agomm/memory-failure.c: fix spinlock vs mutex order
Peter Zijlstra [Mon, 27 Jun 2011 23:18:09 +0000 (16:18 -0700)]
mm/memory-failure.c: fix spinlock vs mutex order

We cannot take a mutex while holding a spinlock, so flip the order and
fix the locking documentation.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrivers/misc/lkdtm.c: fix race when crashpoint is hit multiple times before checking...
Josh Hunt [Mon, 27 Jun 2011 23:18:08 +0000 (16:18 -0700)]
drivers/misc/lkdtm.c: fix race when crashpoint is hit multiple times before checking count

We observed the crash point count going negative in cases where the
crash point is hit multiple times before the check of "count == 0" is
done.  Because of this we never call lkdtm_do_action().  This patch just
adds a spinlock to protect count.

Reported-by: Tapan Dhimant <tdhimant@akamai.com>
Signed-off-by: Josh Hunt <johunt@akamai.com>
Acked-by: Ankita Garg <ankita@in.ibm.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agoinclude/linux/compat.h: declare compat_sys_sendmmsg()
Chris Metcalf [Mon, 27 Jun 2011 23:18:07 +0000 (16:18 -0700)]
include/linux/compat.h: declare compat_sys_sendmmsg()

This is required for tilegx to be able to use the compat unistd.h header
where compat_sys_sendmmsg() is now mentioned.

Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agoromfs: fix romfs_get_unmapped_area() argument check
Bob Liu [Mon, 27 Jun 2011 23:18:06 +0000 (16:18 -0700)]
romfs: fix romfs_get_unmapped_area() argument check

romfs_get_unmapped_area() checks argument `len' without considering
PAGE_ALIGN which will cause do_mmap_pgoff() return -EINVAL error after
commit f67d9b1576c ("nommu: add page_align to mmap").

Fix the check by changing it in same way ramfs_nommu_get_unmapped_area()
was changed in ramfs/file-nommu.c.

Signed-off-by: Bob Liu <lliubbo@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Acked-by: Greg Ungerer <gerg@snapgear.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agoum: add asm/percpu.h
Richard Weinberger [Mon, 27 Jun 2011 23:18:05 +0000 (16:18 -0700)]
um: add asm/percpu.h

To make SLUB work on UML we need this_cpu_cmpxchg from
asm-generic/percpu.h.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agodrivers/rtc/rtc-ds1307.c: add support for RTC device pt7c4338
Priyanka Jain [Mon, 27 Jun 2011 23:18:04 +0000 (16:18 -0700)]
drivers/rtc/rtc-ds1307.c: add support for RTC device pt7c4338

PT7C4338 chip is being manufactured by Pericom Technology Inc.  It is a
serial real-time clock which provides:

1) Low-power clock/calendar.
2) Programmable square-wave output.

It has 56 bytes of nonvolatile RAM.  Its register set is same as that of
rtc device: DS1307.

Signed-off-by: Priyanka Jain <Priyanka.Jain@freescale.com>
Acked-by: Timur Tabi <timur@freescale.com>
Reviewed-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agotmpfs: add shmem_read_mapping_page_gfp
Hugh Dickins [Mon, 27 Jun 2011 23:18:04 +0000 (16:18 -0700)]
tmpfs: add shmem_read_mapping_page_gfp

Although it is used (by i915) on nothing but tmpfs, read_cache_page_gfp()
is unsuited to tmpfs, because it inserts a page into pagecache before
calling the filesystem's ->readpage: tmpfs may have pages in swapcache
which only it knows how to locate and switch to filecache.

At present tmpfs provides a ->readpage method, and copes with this by
copying pages; but soon we can simplify it by removing its ->readpage.
Provide shmem_read_mapping_page_gfp() now, ready for that transition,

Export shmem_read_mapping_page_gfp() and add it to list in shmem_fs.h,
with shmem_read_mapping_page() inline for the common mapping_gfp case.

(shmem_read_mapping_page_gfp or shmem_read_cache_page_gfp? Generally the
read_mapping_page functions use the mapping's ->readpage, and the
read_cache_page functions use the supplied filler, so I think
read_cache_page_gfp was slightly misnamed.)

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agotmpfs: take control of its truncate_range
Hugh Dickins [Mon, 27 Jun 2011 23:18:03 +0000 (16:18 -0700)]
tmpfs: take control of its truncate_range

2.6.35's new truncate convention gave tmpfs the opportunity to control
its file truncation, no longer enforced from outside by vmtruncate().
We shall want to build upon that, to handle pagecache and swap together.

Slightly redefine the ->truncate_range interface: let it now be called
between the unmap_mapping_range()s, with the filesystem responsible for
doing the truncate_inode_pages_range() from it - just as the filesystem
is nowadays responsible for doing that from its ->setattr.

Let's rename shmem_notify_change() to shmem_setattr().  Instead of
calling the generic truncate_setsize(), bring that code in so we can
call shmem_truncate_range() - which will later be updated to perform its
own variant of truncate_inode_pages_range().

Remove the punch_hole unmap_mapping_range() from shmem_truncate_range():
now that the COW's unmap_mapping_range() comes after ->truncate_range,
there is no need to call it a third time.

Export shmem_truncate_range() and add it to the list in shmem_fs.h, so
that i915_gem_object_truncate() can call it explicitly in future; get
this patch in first, then update drm/i915 once this is available (until
then, i915 will just be doing the truncate_inode_pages() twice).

Though introduced five years ago, no other filesystem is implementing
->truncate_range, and its only other user is madvise(,,MADV_REMOVE): we
expect to convert it to fallocate(,FALLOC_FL_PUNCH_HOLE,,) shortly,
whereupon ->truncate_range can be removed from inode_operations -
shmem_truncate_range() will help i915 across that transition too.

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agomm: move shmem prototypes to shmem_fs.h
Hugh Dickins [Mon, 27 Jun 2011 23:18:02 +0000 (16:18 -0700)]
mm: move shmem prototypes to shmem_fs.h

Before adding any more global entry points into shmem.c, gather such
prototypes into shmem_fs.h.  Remove mm's own declarations from swap.h,
but for now leave the ones in mm.h: because shmem_file_setup() and
shmem_zero_setup() are called from various places, and we should not
force other subsystems to update immediately.

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agomm: move vmtruncate_range to truncate.c
Hugh Dickins [Mon, 27 Jun 2011 23:18:01 +0000 (16:18 -0700)]
mm: move vmtruncate_range to truncate.c

You would expect to find vmtruncate_range() next to vmtruncate() in
mm/truncate.c: move it there.

Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agoFix some kernel-doc warnings
Vitaliy Ivanov [Mon, 27 Jun 2011 16:07:08 +0000 (19:07 +0300)]
Fix some kernel-doc warnings

Fix 'make htmldocs' warnings:

  Warning(/include/linux/hrtimer.h:153): No description found for parameter 'clockid'
  Warning(/include/linux/device.h:604): Excess struct/union/enum/typedef member 'of_match' description in 'device'
  Warning(/include/net/sock.h:349): Excess struct/union/enum/typedef member 'sk_rmem_alloc' description in 'sock'

Signed-off-by: Vitaliy Ivanov <vitalivanov@gmail.com>
Acked-by: Grant Likely <grant.likely@secretlab.ca>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>